Category: Cybersecurity

On December 19, in a Wall Street Journal editorial that drew much attention, Homeland Security Advisor Tom Bossert asserted that North Korea was “directly responsible” for the WannaCry cyberattack that struck more than 300,000 computers worldwide. The virus encrypted files on infected computers and demanded payment in return for supposedly providing a decryption key to allow users to regain access to locked files. Bossert charged that North Korea was “using cyberattacks to fund its reckless behavior and cause disruption across the world.” [1]

At a press conference on the same day, Bossert announced that the attribution was made “with evidence,” and that WannaCry “was directed by the government of North Korea,” and carried out by “actors on their behalf, intermediaries.” [2] The evidence that led the U.S. to that conclusion? Bossert was not saying, perhaps recalling the ridicule that greeted the FBI and Department of Homeland Security’s misbegotten report on the hacking of the Democratic National Committee.

Like this:

Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.

How substantial is the evidence backing these assertions?

Hired by the Democratic National Committee to investigate unusual network activity, the security firm Crowdstrike discovered two separate intrusions on DNC servers. Crowdstrike named the two intruders Cozy Bear and Fancy Bear, in an allusion to what it felt were Russian sources. According to Crowdstrike, “Their tradecraft is superb, operational security second to none,” and “both groups were constantly going back into the environment” to change code and methods and switch command and control channels.

Like this:

The cyberattack on Sony Pictures unleashed a torrent of alarmist media reports, evoking the image of North Korean perfidy. Within a month, the FBI issued a statement declaring the North Korean government “responsible for these actions.” Amid the media frenzy, several senators and congresspersons called for tough action. Arizona Senator John McCain blustered, “It’s a new form of warfare that we’re involved in, and we need to react and react vigorously.” President Barack Obama announced his administration planned to review the possibility of placing North Korea on the list of states sponsoring terrorism, a move that would further tighten the already harsh sanctions on North Korea. “They caused a lot of damage, and we will respond,” Obama warned darkly. “We will respond proportionally, and we’ll respond in a place and time and manner that we choose.”

In the rush to judgment, few were asking for evidence, and none was provided. Computer security analysts, however, were vocal in their skepticism.